From patchwork Fri Mar 9 09:41:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 10270239 X-Patchwork-Delegate: kvalo@adurom.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 68135602BD for ; Fri, 9 Mar 2018 09:41:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5F56428A98 for ; Fri, 9 Mar 2018 09:41:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 53B8228B0B; Fri, 9 Mar 2018 09:41:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 504CA28A98 for ; Fri, 9 Mar 2018 09:41:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750926AbeCIJly (ORCPT ); Fri, 9 Mar 2018 04:41:54 -0500 Received: from mail-wr0-f194.google.com ([209.85.128.194]:37920 "EHLO mail-wr0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750800AbeCIJlw (ORCPT ); Fri, 9 Mar 2018 04:41:52 -0500 Received: by mail-wr0-f194.google.com with SMTP id n7so8372277wrn.5 for ; Fri, 09 Mar 2018 01:41:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=58JR0n9vGYIWCcGv5XQPxmOEwgu9DEBHrAVbvweArvk=; b=hLOGmNKx27U7mrYAM0/2wYVyhf41zXMswC9jIaUEEf7Vv+x7rMCNWqrosxWKmouPbY TdrTGvjZvNmngqql4ltmF1VWQFXsdOEl+pP1JusD6wxIu0R1HC0TnlDxX9eF7e0lGVY5 r+WSgLQG9JO88swGaYZj64Wl7w0LowBTFp8kcQRBu9GGlNkEXlJ3FDROZC5lSCHojG5L cdbhOl/i5Gn9MtwxOJsjonUhziDDSq7epejYK0INlC7IMzPJPBHdDX6Z8z0xfGhvJSsX RdZadqNJNQ/3wdd4TehF30ZR2DbFFJK2bthlChLSoDBZLX0ouTqg842Ez3luVWFwHkAH E/yA== X-Gm-Message-State: APf1xPD+rSOCoAaTmya32JS1fXSjRP7ctRxTzxBGQgc0KqUiIM3VtKv1 EhRRCllWYncTWdNQvxs3Cf7CvA== X-Google-Smtp-Source: AG47ELu4HkwAD4Z4iYAuHmLdPDHRZQlz8pnFAjC6FH7pf22miyqcDWkau/AFBJRp1ahc0lmewXqIfg== X-Received: by 10.223.191.6 with SMTP id p6mr24311554wrh.247.1520588511551; Fri, 09 Mar 2018 01:41:51 -0800 (PST) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id k130sm1273169wmg.9.2018.03.09.01.41.50 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 09 Mar 2018 01:41:51 -0800 (PST) From: Lorenzo Bianconi To: kubakici@wp.pl Cc: linux-wireless@vger.kernel.org Subject: [PATCH] mt7601u: let mac80211 validate rx CCMP PN Date: Fri, 9 Mar 2018 10:41:41 +0100 Message-Id: <9ccb187ffdba10f63148402aa38a5db436c52935.1520588242.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: References: Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Apparently the hardware does not perform CCMP PN validation so let mac80211 take care of possible replay attacks in sw. Moreover indicate ICV and MIC had been stripped setting corresponding bits in ieee80211_rx_status. The fix has been validated using 4.2.1 and 4.1.3 tests from the WiFi Alliance vulnerability detection tool. Fixes: c869f77d6abb ("add mt7601u driver") Acked-by: Jakub Kicinski Tested-by: David Park Signed-off-by: Lorenzo Bianconi --- drivers/net/wireless/mediatek/mt7601u/initvals.h | 1 + drivers/net/wireless/mediatek/mt7601u/mac.c | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt7601u/initvals.h b/drivers/net/wireless/mediatek/mt7601u/initvals.h index ec11ff66969d..2dc6b68e7fb9 100644 --- a/drivers/net/wireless/mediatek/mt7601u/initvals.h +++ b/drivers/net/wireless/mediatek/mt7601u/initvals.h @@ -139,6 +139,7 @@ static const struct mt76_reg_pair mac_common_vals[] = { { MT_TXOP_HLDR_ET, 0x00000002 }, { MT_XIFS_TIME_CFG, 0x33a41010 }, { MT_PWR_PIN_CFG, 0x00000000 }, + { MT_PN_PAD_MODE, 0x00000001 }, }; static const struct mt76_reg_pair mac_chip_vals[] = { diff --git a/drivers/net/wireless/mediatek/mt7601u/mac.c b/drivers/net/wireless/mediatek/mt7601u/mac.c index 4d3077941138..d55d7040a56d 100644 --- a/drivers/net/wireless/mediatek/mt7601u/mac.c +++ b/drivers/net/wireless/mediatek/mt7601u/mac.c @@ -480,8 +480,16 @@ u32 mt76_mac_process_rx(struct mt7601u_dev *dev, struct sk_buff *skb, if (rxwi->rxinfo & cpu_to_le32(MT_RXINFO_DECRYPT)) { status->flag |= RX_FLAG_DECRYPTED; - status->flag |= RX_FLAG_IV_STRIPPED | RX_FLAG_MMIC_STRIPPED; + status->flag |= RX_FLAG_MMIC_STRIPPED; + status->flag |= RX_FLAG_MIC_STRIPPED; + status->flag |= RX_FLAG_ICV_STRIPPED; + status->flag |= RX_FLAG_IV_STRIPPED; } + /* let mac80211 take care of PN validation since apparently + * the hardware does not support it + */ + if (rxwi->rxinfo & cpu_to_le32(MT_RXINFO_PN_LEN)) + status->flag &= ~RX_FLAG_IV_STRIPPED; status->chains = BIT(0); rssi = mt7601u_phy_get_rssi(dev, rxwi, rate);